--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:7zip
X-Debbugs-Cc: [email protected], [email protected],
[email protected]
User: [email protected]
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: [email protected]
Severity: normal
Hello Release team,
[ Reason ]
7zip in bookworm is affected by multiple security issues.
https://security-tracker.debian.org/tracker/source-package/7zip
no-dsa: CVE-2023-31102 CVE-2023-40481 CVE-2025-11001 CVE-2025-11002
CVE-2025-55188
unimportant: CVE-2024-11612 CVE-2025-53817
The 7-zip project imports new releases in Git but does not provide any
history nor CVE information, making it difficult to isolate patches
and apply them to older p7zip code base:
https://github.com/ip7z/7zip/commits/main/
Hence we're proposing to bump the 7zip codebase to v25.01 (trixie).
(v26.00 was recently released but does not ship security fixes.)
[ Impact ]
Users are vulnerable to several directory traversals when handling
archives, both in .7z and other formats that 7zip supports, and memory
corruption in a couple format handlers.
7zip is used as a backend by the 'arqiver' graphical interface, so
this isn't limited to CLI. There are more such rdeps in trixie (ark,
engrampa...), but in bookworm the GUI impact is limited.
[ Tests ]
Superficial DEP-8 tests are shipped with 7zip (including running its
built-in benchmark).
Manual tests were performed with various archive formats, directly and
through 'arqiver'.
Salsa-CI is set up:
https://salsa.debian.org/debian/7zip/-/pipelines/1038002
as well as a debusine experiment:
https://debusine.debian.net/debian/developers-beuc-secure7zip/work-request/489960/
[ Risks ]
Discussing with jmm, "moving with full releases for 7zip seems fine
given it's just an edge package and CLI".
Moreover, in bookworm, the p7zip->7zip transition didn't happen yet,
so 7zip has few reverse dependencies and only provides the bin/7zz
executable. 7zip-rar is not introduced yet either.
The 7zip codebase is quite stable, and so are the CLI options.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
We're importing the v25.01 codebase on top of the bookworm packaging.
This is not a backport from trixie, as the packaging changed a lot to
handle the p7zip->7zip transition, as well as assembly compilation.
As the full debdiff is very noisy due to all the new upstream code,
care was taken to create a step-by-step minimal import on top of v22,
for review:
https://salsa.debian.org/debian/7zip/-/tree/debian/bookworm
- The packaging was left untouched, except for enabling salsa-ci.yml,
  and fixing gbp.conf to properly target oldstable.
- The patches were refreshed from the trixie version, some renamed to
  align with trixie:
  - Patches for ASM support were left out;
    so is the one introducing codepage changes (functional change)
  - Obsolete bookworm patches were removed.
Attached are debdiffs of debian/, with and without patches/.
Full debdiff with new codebase is large (6.4MB) and was not included,
however this reuses the trixie tarball identically.
[ Other info ]
There's an ongoing effort to address p7zip security issues by
upgrading p7zip to a patched 7zip, but this is a separate issue, and
separate SPUs will be filed:
https://lists.debian.org/debian-lts/2026/03/msg00009.html
This incidentally shows the stability of the 7zip CLI, as the 7zip
codebase was ported back to stretch to replace p7zip, with few issues.
--
Sylvain Beucler
Debian LTS Team
diff -Nru 7zip-22.01+dfsg/debian/changelog 7zip-25.01+dfsg/debian/changelog
--- 7zip-22.01+dfsg/debian/changelog 2024-10-17 18:45:17.000000000 +0200
+++ 7zip-25.01+dfsg/debian/changelog 2026-03-06 07:46:31.000000000 +0100
@@ -1,3 +1,29 @@
+7zip (25.01+dfsg-0+deb12u1) bookworm; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * Bump to upstream 25.01, fixes:
+ - CVE-2023-31102
+ - CVE-2023-40481
+ - CVE-2024-11612
+ - CVE-2025-11001
+ - CVE-2025-11002
+ - CVE-2025-53817
+ - CVE-2025-55188
+ * Sync patches from 25.01+dfsg-1~deb13u1:
+ - keep old patches:
+ - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so)
+ - drop new patches:
+ - 000*-Use-c-flags-for-asmc.patch (no ASM)
+ - 000*-Add-fpic-for-Asmc-options.patch (no ASM)
+ - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch
+ (behavior change)
+ * No changes to packaging to avoid disruption in stable release (no
+ split package, no ASM support, no files in /usr/lib/7z/, etc.)
+ * Enable Salsa CI.
+ * Configure git-buildpackage for oldstable.
+
+ -- Sylvain Beucler <[email protected]> Fri, 06 Mar 2026 07:46:31 +0100
+
7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
* Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
diff -Nru 7zip-22.01+dfsg/debian/gbp.conf 7zip-25.01+dfsg/debian/gbp.conf
--- 7zip-22.01+dfsg/debian/gbp.conf 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/gbp.conf 2026-03-04 12:25:37.000000000 +0100
@@ -1,2 +1,5 @@
+[DEFAULT]
+debian-branch = debian/bookworm
+
[import-orig]
pristine-tar = True
diff -Nru 7zip-22.01+dfsg/debian/salsa-ci.yml 7zip-25.01+dfsg/debian/salsa-ci.yml
--- 7zip-22.01+dfsg/debian/salsa-ci.yml 1970-01-01 01:00:00.000000000 +0100
+++ 7zip-25.01+dfsg/debian/salsa-ci.yml 2026-02-11 07:26:32.000000000 +0100
@@ -0,0 +1,3 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
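Review bot: The new debian/salsa-ci.yml contains only the `include:` of recipes/debian.yml and no `variables:` block, so nothing in the file ties the pipeline to bookworm. For a stable-update branch, set the target explicitly (a `variables:` block with `RELEASE: 'bookworm'`) so the build and test jobs run against the suite this upload targets rather than whatever the pipeline defaults to.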
diff -Nru 7zip-22.01+dfsg/debian/changelog 7zip-25.01+dfsg/debian/changelog
--- 7zip-22.01+dfsg/debian/changelog 2024-10-17 18:45:17.000000000 +0200
+++ 7zip-25.01+dfsg/debian/changelog 2026-03-06 07:46:31.000000000 +0100
@@ -1,3 +1,29 @@
+7zip (25.01+dfsg-0+deb12u1) bookworm; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * Bump to upstream 25.01, fixes:
+ - CVE-2023-31102
+ - CVE-2023-40481
+ - CVE-2024-11612
+ - CVE-2025-11001
+ - CVE-2025-11002
+ - CVE-2025-53817
+ - CVE-2025-55188
+ * Sync patches from 25.01+dfsg-1~deb13u1:
+ - keep old patches:
+ - 000*-Remove-unwanted-hack-for-object-files.patch (no 7z.so)
+ - drop new patches:
+ - 000*-Use-c-flags-for-asmc.patch (no ASM)
+ - 000*-Add-fpic-for-Asmc-options.patch (no ASM)
+ - 000*-Use-system-locale-to-select-codepage-for-legacy-zip-.patch
+ (behavior change)
+ * No changes to packaging to avoid disruption in stable release (no
+ split package, no ASM support, no files in /usr/lib/7z/, etc.)
+ * Enable Salsa CI.
+ * Configure git-buildpackage for oldstable.
+
+ -- Sylvain Beucler <[email protected]> Fri, 06 Mar 2026 07:46:31 +0100
+
7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
* Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
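Review bot: The "Sync patches" entry names one kept patch and three trixie patches not taken, but it does not list the bookworm patches this debdiff deletes: 0002-Use-GCC-10-warning-options, 0003-Disable-hardware-acceleration-support-on-armel, 0004-Guard-ARM-v8-feature-from-old-architecture, 0007-Manually-de-reference-pointers and 0009-Fix-CVE-2023-52168-and-CVE-2023-52169. Add a "drop obsolete patches" sub-list with a one-line reason for each, and state explicitly that CVE-2023-52168 and CVE-2023-52169 from the previous entry remain fixed by the 25.01 code, since their patch is removed here.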
diff -Nru 7zip-22.01+dfsg/debian/gbp.conf 7zip-25.01+dfsg/debian/gbp.conf
--- 7zip-22.01+dfsg/debian/gbp.conf 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/gbp.conf 2026-03-04 12:25:37.000000000 +0100
@@ -1,2 +1,5 @@
+[DEFAULT]
+debian-branch = debian/bookworm
+
[import-orig]
pristine-tar = True
diff -Nru 7zip-22.01+dfsg/debian/patches/0001-Accept-Debian-build-flags.patch 7zip-25.01+dfsg/debian/patches/0001-Accept-Debian-build-flags.patch
--- 7zip-22.01+dfsg/debian/patches/0001-Accept-Debian-build-flags.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0001-Accept-Debian-build-flags.patch 2026-02-11 08:34:56.000000000 +0100
@@ -4,46 +4,54 @@
Forwarded: not-needed
---
- CPP/7zip/7zip_gcc.mak | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
+ CPP/7zip/7zip_gcc.mak | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/CPP/7zip/7zip_gcc.mak b/CPP/7zip/7zip_gcc.mak
-index 2a24e06..090e498 100755
+index 8fbef14..2756ba4 100644
--- a/CPP/7zip/7zip_gcc.mak
+++ b/CPP/7zip/7zip_gcc.mak
-@@ -82,7 +82,7 @@ endif
+@@ -45,7 +45,7 @@ CFLAGS_DEBUG = -g
+ else
+ CFLAGS_DEBUG = -DNDEBUG
+ ifneq ($(CC), $(CROSS_COMPILE)clang)
+-LFLAGS_STRIP = -s
++LFLAGS_STRIP =
+ endif
+ endif
+
+@@ -104,14 +104,14 @@ SHARED_EXT=.dll
+ LDFLAGS = -shared -DEF $(DEF_FILE) $(LDFLAGS_STATIC)
+ else
+ SHARED_EXT=.so
+-LDFLAGS = -shared -fPIC $(LDFLAGS_STATIC)
++LDFLAGS = -shared -fPIC $(DEB_LDFLAGS) $(LDFLAGS_STATIC)
+ CC_SHARED=-fPIC
+ endif
+
else
-LDFLAGS = $(LDFLAGS_STATIC)
+LDFLAGS = $(DEB_LDFLAGS) $(LDFLAGS_STATIC)
- # -s is not required for clang, do we need it for GGC ???
- # -s
+ # -z force-bti
+ # -s is not required for clang, do we need it for GCC ???
-@@ -138,7 +138,7 @@ endif
+@@ -169,7 +169,7 @@ endif
--CFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CFLAGS_BASE2) $(CFLAGS_BASE) $(CC_SHARED) -o $@
-+CFLAGS = $(DEB_CFLAGS) $(DEB_CPPFLAGS) $(MY_ARCH_2) $(LOCAL_FLAGS) $(CFLAGS_BASE2) $(CFLAGS_BASE) $(CC_SHARED) -o $@
+-CFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CFLAGS_BASE2) $(CFLAGS_BASE) $(FLAGS_FLTO) $(CC_SHARED) -o $@
++CFLAGS = $(DEB_CFLAGS) $(DEB_CPPFLAGS) $(MY_ARCH_2) $(LOCAL_FLAGS) $(CFLAGS_BASE2) $(CFLAGS_BASE) $(FLAGS_FLTO) $(CC_SHARED) -o $@
ifdef IS_MINGW
-@@ -179,7 +179,7 @@ CXX_WARN_FLAGS =
+@@ -210,7 +210,7 @@ CXX_WARN_FLAGS =
#-Wno-invalid-offsetof
#-Wno-reorder
--CXXFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CXXFLAGS_BASE2) $(CFLAGS_BASE) $(CXXFLAGS_EXTRA) $(CC_SHARED) -o $@ $(CXX_WARN_FLAGS)
-+CXXFLAGS = $(DEB_CXXFLAGS) $(DEB_CPPFLAGS) $(MY_ARCH_2) $(LOCAL_FLAGS) $(CXXFLAGS_BASE2) $(CFLAGS_BASE) $(CXXFLAGS_EXTRA) $(CC_SHARED) -o $@ $(CXX_WARN_FLAGS)
+-CXXFLAGS = $(MY_ARCH_2) $(LOCAL_FLAGS) $(CXXFLAGS_BASE2) $(CFLAGS_BASE) $(FLAGS_FLTO) $(CXXFLAGS_EXTRA) $(CC_SHARED) $(CXX_WARN_FLAGS) $(CXX_STD_FLAGS) $(CXX_INCLUDE_FLAGS) -o $@
++CXXFLAGS = $(DEB_CXXFLAGS) $(DEB_CPPFLAGS) $(MY_ARCH_2) $(LOCAL_FLAGS) $(CXXFLAGS_BASE2) $(CFLAGS_BASE) $(FLAGS_FLTO) $(CXXFLAGS_EXTRA) $(CC_SHARED) $(CXX_WARN_FLAGS) $(CXX_STD_FLAGS) $(CXX_INCLUDE_FLAGS) -o $@
STATIC_TARGET=
ifdef COMPL_STATIC
-@@ -192,7 +192,7 @@ all: $(O) $(PROGPATH) $(STATIC_TARGET)
- $(O):
- $(MY_MKDIR) $(O)
-
--LFLAGS_ALL = -s $(MY_ARCH_2) $(LDFLAGS) $(LD_arch) $(OBJS) $(MY_LIBS) $(LIB2)
-+LFLAGS_ALL = $(MY_ARCH_2) $(LDFLAGS) $(LD_arch) $(OBJS) $(MY_LIBS) $(LIB2)
- $(PROGPATH): $(OBJS)
- $(CXX) -o $(PROGPATH) $(LFLAGS_ALL)
-
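Review bot: In the `CFLAGS =` and `CXXFLAGS =` lines, `$(DEB_CFLAGS)` and `$(DEB_CXXFLAGS)` come before `$(CFLAGS_BASE)`, and the 0008 context in this debdiff shows `CFLAGS_BASE = -O2 ...`, so an optimisation level passed in through the Debian flags is overridden by upstream's `-O2` because the later option wins. The ordering is carried over from the bookworm version of the patch, but while refreshing it consider placing the `DEB_*` variables after the upstream ones so the distribution's flags take precedence.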
diff -Nru 7zip-22.01+dfsg/debian/patches/0002-Use-GCC-10-warning-options.patch 7zip-25.01+dfsg/debian/patches/0002-Use-GCC-10-warning-options.patch
--- 7zip-22.01+dfsg/debian/patches/0002-Use-GCC-10-warning-options.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0002-Use-GCC-10-warning-options.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,22 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Tue, 31 Aug 2021 19:20:33 +0900
-Subject: Use GCC 10 warning options
-
-Forwarded: not-needed
----
- CPP/7zip/warn_gcc.mak | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CPP/7zip/warn_gcc.mak b/CPP/7zip/warn_gcc.mak
-index afc0c9d..230d2f0 100755
---- a/CPP/7zip/warn_gcc.mak
-+++ b/CPP/7zip/warn_gcc.mak
-@@ -50,7 +50,7 @@ CFLAGS_WARN_GCC_PPMD_UNALIGNED = \
- -Wno-strict-aliasing \
-
-
--CFLAGS_WARN = $(CFLAGS_WARN_GCC_9) \
-+CFLAGS_WARN = $(CFLAGS_WARN_GCC_10) \
-
- # $(CFLAGS_WARN_GCC_PPMD_UNALIGNED)
-
diff -Nru 7zip-22.01+dfsg/debian/patches/0002-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch 7zip-25.01+dfsg/debian/patches/0002-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch
--- 7zip-22.01+dfsg/debian/patches/0002-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch 1970-01-01 01:00:00.000000000 +0100
+++ 7zip-25.01+dfsg/debian/patches/0002-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch 2026-02-11 08:34:56.000000000 +0100
@@ -0,0 +1,39 @@
+From: YOKOTA Hiroshi <[email protected]>
+Date: Wed, 15 Sep 2021 00:02:36 +0900
+Subject: Use getcwd(3) POSIX extension to avoid PATH_MAX macro
+
+Forwarded: https://sourceforge.net/p/sevenzip/patches/369/
+
+This fix helps GNU Hurd.
+---
+ CPP/Windows/FileDir.cpp | 13 +------------
+ 1 file changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp
+index 4a4bf52..e1747fc 100644
+--- a/CPP/Windows/FileDir.cpp
++++ b/CPP/Windows/FileDir.cpp
+@@ -1141,22 +1141,11 @@ bool GetCurrentDir(FString &path)
+ {
+ path.Empty();
+
+- #define MY_PATH_MAX PATH_MAX
+- // #define MY_PATH_MAX 1024
+-
+- char s[MY_PATH_MAX + 1];
+- char *res = getcwd(s, MY_PATH_MAX);
+- if (res)
+- {
+- path = fas2fs(s);
+- return true;
+- }
+ {
+- // if (errno != ERANGE) return false;
+ #if defined(__GLIBC__) || defined(__APPLE__)
+ /* As an extension to the POSIX.1-2001 standard, glibc's getcwd()
+ allocates the buffer dynamically using malloc(3) if buf is NULL. */
+- res = getcwd(NULL, 0);
++ char *res = getcwd(NULL, 0);
+ if (res)
+ {
+ path = fas2fs(res);
diff -Nru 7zip-22.01+dfsg/debian/patches/0003-Disable-hardware-acceleration-support-on-armel.patch 7zip-25.01+dfsg/debian/patches/0003-Disable-hardware-acceleration-support-on-armel.patch
--- 7zip-22.01+dfsg/debian/patches/0003-Disable-hardware-acceleration-support-on-armel.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0003-Disable-hardware-acceleration-support-on-armel.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,159 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Tue, 14 Sep 2021 23:51:04 +0900
-Subject: Disable hardware acceleration support on armel
-
-Use "__ARM_ARCH" to split "armel" and "armhf"
-
-__ARM_ARCH:
- armel = 5
- armhf = 7
----
- C/Aes.c | 2 ++
- C/AesOpt.c | 2 ++
- C/Sha1.c | 2 ++
- C/Sha1Opt.c | 2 ++
- C/Sha256.c | 2 ++
- C/Sha256Opt.c | 2 ++
- CPP/7zip/Crypto/MyAes.cpp | 2 ++
- 7 files changed, 14 insertions(+)
-
-diff --git a/C/Aes.c b/C/Aes.c
-index 9ad66c5..2af4298 100755
---- a/C/Aes.c
-+++ b/C/Aes.c
-@@ -56,6 +56,7 @@ static Byte InvS[256];
- #ifdef MY_CPU_X86_OR_AMD64
- #define USE_HW_AES
- #elif defined(MY_CPU_ARM_OR_ARM64) && defined(MY_CPU_LE)
-+ #if (__ARM_ARCH >= 7)
- #if defined(__clang__)
- #if (__clang_major__ >= 8) // fix that check
- #define USE_HW_AES
-@@ -69,6 +70,7 @@ static Byte InvS[256];
- #define USE_HW_AES
- #endif
- #endif
-+ #endif
- #endif
-
- #ifdef USE_HW_AES
-diff --git a/C/AesOpt.c b/C/AesOpt.c
-index 1bdc9a8..60058bc 100755
---- a/C/AesOpt.c
-+++ b/C/AesOpt.c
-@@ -508,6 +508,7 @@ VAES_COMPAT_STUB (AesCtr_Code_HW)
-
- #elif defined(MY_CPU_ARM_OR_ARM64) && defined(MY_CPU_LE)
-
-+ #if (__ARM_ARCH >= 7)
- #if defined(__clang__)
- #if (__clang_major__ >= 8) // fix that check
- #define USE_HW_AES
-@@ -521,6 +522,7 @@ VAES_COMPAT_STUB (AesCtr_Code_HW)
- #define USE_HW_AES
- #endif
- #endif
-+ #endif
-
- #ifdef USE_HW_AES
-
-diff --git a/C/Sha1.c b/C/Sha1.c
-index 7adeb44..b6ee739 100755
---- a/C/Sha1.c
-+++ b/C/Sha1.c
-@@ -33,6 +33,7 @@ This code is based on public domain code of Steve Reid from Wei Dai's Crypto++ l
- #endif
- #endif
- #elif defined(MY_CPU_ARM_OR_ARM64)
-+ #if (__ARM_ARCH >= 7)
- #ifdef _MSC_VER
- #if _MSC_VER >= 1910 && _MSC_VER >= 1929 && _MSC_FULL_VER >= 192930037
- #define _SHA_SUPPORTED
-@@ -46,6 +47,7 @@ This code is based on public domain code of Steve Reid from Wei Dai's Crypto++ l
- #define _SHA_SUPPORTED
- #endif
- #endif
-+ #endif
- #endif
-
- void MY_FAST_CALL Sha1_UpdateBlocks(UInt32 state[5], const Byte *data, size_t numBlocks);
-diff --git a/C/Sha1Opt.c b/C/Sha1Opt.c
-index dcedfbc..574d469 100755
---- a/C/Sha1Opt.c
-+++ b/C/Sha1Opt.c
-@@ -214,6 +214,7 @@ void MY_FAST_CALL Sha1_UpdateBlocks_HW(UInt32 state[5], const Byte *data, size_t
-
- #elif defined(MY_CPU_ARM_OR_ARM64)
-
-+ #if (__ARM_ARCH >= 7)
- #if defined(__clang__)
- #if (__clang_major__ >= 8) // fix that check
- #define USE_HW_SHA
-@@ -227,6 +228,7 @@ void MY_FAST_CALL Sha1_UpdateBlocks_HW(UInt32 state[5], const Byte *data, size_t
- #define USE_HW_SHA
- #endif
- #endif
-+ #endif
-
- #ifdef USE_HW_SHA
-
-diff --git a/C/Sha256.c b/C/Sha256.c
-index c03b75a..e997ad4 100755
---- a/C/Sha256.c
-+++ b/C/Sha256.c
-@@ -33,6 +33,7 @@ This code is based on public domain code from Wei Dai's Crypto++ library. */
- #endif
- #endif
- #elif defined(MY_CPU_ARM_OR_ARM64)
-+ #if (__ARM_ARCH >= 7)
- #ifdef _MSC_VER
- #if _MSC_VER >= 1910
- #define _SHA_SUPPORTED
-@@ -46,6 +47,7 @@ This code is based on public domain code from Wei Dai's Crypto++ library. */
- #define _SHA_SUPPORTED
- #endif
- #endif
-+ #endif
- #endif
-
- void MY_FAST_CALL Sha256_UpdateBlocks(UInt32 state[8], const Byte *data, size_t numBlocks);
-diff --git a/C/Sha256Opt.c b/C/Sha256Opt.c
-index cc8c53e..b13cf7b 100755
---- a/C/Sha256Opt.c
-+++ b/C/Sha256Opt.c
-@@ -214,6 +214,7 @@ void MY_FAST_CALL Sha256_UpdateBlocks_HW(UInt32 state[8], const Byte *data, size
-
- #elif defined(MY_CPU_ARM_OR_ARM64)
-
-+ #if (__ARM_ARCH >= 7)
- #if defined(__clang__)
- #if (__clang_major__ >= 8) // fix that check
- #define USE_HW_SHA
-@@ -227,6 +228,7 @@ void MY_FAST_CALL Sha256_UpdateBlocks_HW(UInt32 state[8], const Byte *data, size
- #define USE_HW_SHA
- #endif
- #endif
-+ #endif
-
- #ifdef USE_HW_SHA
-
-diff --git a/CPP/7zip/Crypto/MyAes.cpp b/CPP/7zip/Crypto/MyAes.cpp
-index 7e7cced..0df7b2f 100755
---- a/CPP/7zip/Crypto/MyAes.cpp
-+++ b/CPP/7zip/Crypto/MyAes.cpp
-@@ -86,6 +86,7 @@ STDMETHODIMP CAesCoder::SetInitVector(const Byte *data, UInt32 size)
- #ifdef MY_CPU_X86_OR_AMD64
- #define USE_HW_AES
- #elif defined(MY_CPU_ARM_OR_ARM64) && defined(MY_CPU_LE)
-+ #if (__ARM_ARCH >= 7)
- #if defined(__clang__)
- #if (__clang_major__ >= 8) // fix that check
- #define USE_HW_AES
-@@ -99,6 +100,7 @@ STDMETHODIMP CAesCoder::SetInitVector(const Byte *data, UInt32 size)
- #define USE_HW_AES
- #endif
- #endif
-+ #endif
- #endif
-
- #endif
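Review bot: Deleting this patch removes every `#if (__ARM_ARCH >= 7)` guard around `USE_HW_AES`, `USE_HW_SHA` and `_SHA_SUPPORTED`, and the changelog gives no reason for it. bookworm still has an armel port, which the patch header identifies as `__ARM_ARCH` 5, so please confirm that the 25.01 sources keep the hardware AES/SHA paths disabled there on their own (an armel build and test log would do) and record that in the changelog. The same question applies to the `(__ARM_ARCH >= 8)` CRC guard from the deleted 0004 patch.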
diff -Nru 7zip-22.01+dfsg/debian/patches/0003-Disable-local-echo-display-when-in-input-passwords-C.patch 7zip-25.01+dfsg/debian/patches/0003-Disable-local-echo-display-when-in-input-passwords-C.patch
--- 7zip-22.01+dfsg/debian/patches/0003-Disable-local-echo-display-when-in-input-passwords-C.patch 1970-01-01 01:00:00.000000000 +0100
+++ 7zip-25.01+dfsg/debian/patches/0003-Disable-local-echo-display-when-in-input-passwords-C.patch 2026-02-11 08:34:56.000000000 +0100
@@ -0,0 +1,88 @@
+From: YOKOTA Hiroshi <[email protected]>
+Date: Tue, 22 Feb 2022 21:02:14 +0900
+Subject: Disable local echo display when in input passwords (Closes:
+ #1006238)
+
+Forwarded: https://sourceforge.net/p/sevenzip/patches/381/
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006238
+---
+ CPP/7zip/UI/Console/UserInputUtils.cpp | 33 ++++++++++++++++++++++++++++++++-
+ CPP/Common/StdInStream.h | 3 +++
+ 2 files changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/UI/Console/UserInputUtils.cpp b/CPP/7zip/UI/Console/UserInputUtils.cpp
+index 6c3c85a..2832b00 100644
+--- a/CPP/7zip/UI/Console/UserInputUtils.cpp
++++ b/CPP/7zip/UI/Console/UserInputUtils.cpp
+@@ -57,9 +57,18 @@ NUserAnswerMode::EEnum ScanUserYesNoAllQuit(CStdOutStream *outStream)
+ #ifdef _WIN32
+ #ifndef UNDER_CE
+ #define MY_DISABLE_ECHO
++#define MY_DISABLE_ECHO_WIN32
+ #endif
+ #endif
+
++#ifdef unix
++#include <stdio.h>
++#include <termios.h>
++#include <unistd.h>
++#define MY_DISABLE_ECHO
++#define MY_DISABLE_ECHO_UNIX
++#endif
++
+ static bool GetPassword(CStdOutStream *outStream, UString &psw)
+ {
+ if (outStream)
+@@ -72,7 +81,7 @@ static bool GetPassword(CStdOutStream *outStream, UString &psw)
+ outStream->Flush();
+ }
+
+- #ifdef MY_DISABLE_ECHO
++ #ifdef MY_DISABLE_ECHO_WIN32
+
+ const HANDLE console = GetStdHandle(STD_INPUT_HANDLE);
+
+@@ -91,6 +100,28 @@ static bool GetPassword(CStdOutStream *outStream, UString &psw)
+ if (wasChanged)
+ SetConsoleMode(console, mode);
+
++ #elif defined(MY_DISABLE_ECHO_UNIX)
++
++ const int ifd = fileno(&(*g_StdIn));
++ bool wasChanged = false;
++ struct termios old_mode = {};
++ struct termios new_mode = {};
++
++ if (tcgetattr(ifd, &old_mode) == 0) {
++ new_mode = old_mode;
++ new_mode.c_lflag &= ~ECHO;
++
++ tcsetattr(ifd, TCSAFLUSH, &new_mode);
++
++ wasChanged = true;
++ }
++
++ const bool res = g_StdIn.ScanUStringUntilNewLine(psw);
++
++ if (wasChanged) {
++ tcsetattr(ifd, TCSAFLUSH, &old_mode);
++ }
++
+ #else
+
+ const bool res = g_StdIn.ScanUStringUntilNewLine(psw);
+diff --git a/CPP/Common/StdInStream.h b/CPP/Common/StdInStream.h
+index 2253c43..69d84fe 100644
+--- a/CPP/Common/StdInStream.h
++++ b/CPP/Common/StdInStream.h
+@@ -23,7 +23,10 @@ public:
+
+ /*
+ ~CStdInStream() { Close(); }
++ */
+
++ operator FILE *() { return _stream; }
++ /*
+ bool Open(LPCTSTR fileName) throw();
+ bool Close() throw();
+ */
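Review bot: The Unix branch is gated on `#ifdef unix`, a macro GCC predefines only in GNU dialect modes; the refreshed 0001 patch shows `$(CXX_STD_FLAGS)` now in CXXFLAGS, and if that selects a strict `-std=c++NN` mode this whole block compiles out and `GetPassword` falls through to the `#else` branch, which reads the password without touching the terminal echo. Test on `__unix__` (or on both macros) instead, and verify the prompt by hand on the built binary. Separately, the return value of the first `tcsetattr` is ignored while `wasChanged` is set regardless, and nothing in the hunk restores `old_mode` if the read is interrupted, so an interrupt at the prompt can leave the terminal with echo off.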
diff -Nru 7zip-22.01+dfsg/debian/patches/0004-Guard-ARM-v8-feature-from-old-architecture.patch 7zip-25.01+dfsg/debian/patches/0004-Guard-ARM-v8-feature-from-old-architecture.patch
--- 7zip-22.01+dfsg/debian/patches/0004-Guard-ARM-v8-feature-from-old-architecture.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0004-Guard-ARM-v8-feature-from-old-architecture.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,25 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Wed, 13 Oct 2021 07:59:13 +0900
-Subject: Guard ARM v8 feature from old architecture
-
-Forwarded: not-needed
----
- C/7zCrc.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/C/7zCrc.c b/C/7zCrc.c
-index c7ec353..230d8a5 100755
---- a/C/7zCrc.c
-+++ b/C/7zCrc.c
-@@ -81,8 +81,9 @@ UInt32 MY_FAST_CALL CrcUpdateT1(UInt32 v, const void *data, size_t size, const U
- #define USE_ARM64_CRC
- #endif
- #endif
-- #elif (defined(__clang__) && (__clang_major__ >= 3)) \
-- || (defined(__GNUC__) && (__GNUC__ > 4))
-+ #elif ( (defined(__clang__) && (__clang_major__ >= 3)) || \
-+ (defined(__GNUC__) && (__GNUC__ > 4) ) ) && \
-+ (__ARM_ARCH >= 8)
- #if !defined(__ARM_FEATURE_CRC32)
- #define __ARM_FEATURE_CRC32 1
- #if (!defined(__clang__) || (__clang_major__ > 3)) // fix these numbers
diff -Nru 7zip-22.01+dfsg/debian/patches/0005-Add-note-for-unexpected-recursive-operations-behavio.patch 7zip-25.01+dfsg/debian/patches/0005-Add-note-for-unexpected-recursive-operations-behavio.patch
--- 7zip-22.01+dfsg/debian/patches/0005-Add-note-for-unexpected-recursive-operations-behavio.patch 1970-01-01 01:00:00.000000000 +0100
+++ 7zip-25.01+dfsg/debian/patches/0005-Add-note-for-unexpected-recursive-operations-behavio.patch 2026-02-11 08:34:56.000000000 +0100
@@ -0,0 +1,25 @@
+From: YOKOTA Hiroshi <[email protected]>
+Date: Fri, 3 Jan 2025 10:11:58 +0900
+Subject: Add note for unexpected recursive operations behavior to usage text
+
+Forwarded: https://sourceforge.net/p/sevenzip/bugs/2540/
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091693
+---
+ CPP/7zip/UI/Console/Main.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/CPP/7zip/UI/Console/Main.cpp b/CPP/7zip/UI/Console/Main.cpp
+index 5094452..7511322 100644
+--- a/CPP/7zip/UI/Console/Main.cpp
++++ b/CPP/7zip/UI/Console/Main.cpp
+@@ -133,6 +133,10 @@ static const char * const kHelpString =
+ PROG_POSTFIX
+ " <command> [<switches>...] <archive_name> [<file_names>...] [@listfile]\n"
+ "\n"
++ "Note:\n"
++ " If <file_names> is not specified, 7z" PROG_POSTFIX " implicitly uses \".\" as <file_names>.\n"
++ " This means recursively add/delete/extract files to/from <arcive_name>.\n"
++ "\n"
+ "<Commands>\n"
+ " a : Add files to archive\n"
+ " b : Benchmark\n"
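Review bot: The added help text misspells the placeholder as `<arcive_name>` in the third new line, while the usage line directly above it uses `<archive_name>`. Fix the spelling in the patch (and in the report forwarded upstream) so the note matches the synopsis.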
diff -Nru 7zip-22.01+dfsg/debian/patches/0005-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch 7zip-25.01+dfsg/debian/patches/0005-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch
--- 7zip-22.01+dfsg/debian/patches/0005-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0005-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,39 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Wed, 15 Sep 2021 00:02:36 +0900
-Subject: Use getcwd(3) POSIX extension to avoid PATH_MAX macro
-
-Forwarded: not-needed
-
-This fix helps GNU Hurd.
----
- CPP/Windows/FileDir.cpp | 13 +------------
- 1 file changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp
-index 5e95204..9b5394e 100755
---- a/CPP/Windows/FileDir.cpp
-+++ b/CPP/Windows/FileDir.cpp
-@@ -906,22 +906,11 @@ bool GetCurrentDir(FString &path)
- {
- path.Empty();
-
-- #define MY__PATH_MAX PATH_MAX
-- // #define MY__PATH_MAX 1024
--
-- char s[MY__PATH_MAX + 1];
-- char *res = getcwd(s, MY__PATH_MAX);
-- if (res)
-- {
-- path = fas2fs(s);
-- return true;
-- }
- {
-- // if (errno != ERANGE) return false;
- #if defined(__GLIBC__) || defined(__APPLE__)
- /* As an extension to the POSIX.1-2001 standard, glibc's getcwd()
- allocates the buffer dynamically using malloc(3) if buf is NULL. */
-- res = getcwd(NULL, 0);
-+ char *res = getcwd(NULL, 0);
- if (res)
- {
- path = fas2fs(res);
diff -Nru 7zip-22.01+dfsg/debian/patches/0006-Disable-local-echo-display-when-in-input-passwords-C.patch 7zip-25.01+dfsg/debian/patches/0006-Disable-local-echo-display-when-in-input-passwords-C.patch
--- 7zip-22.01+dfsg/debian/patches/0006-Disable-local-echo-display-when-in-input-passwords-C.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0006-Disable-local-echo-display-when-in-input-passwords-C.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,83 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Tue, 22 Feb 2022 21:02:14 +0900
-Subject: Disable local echo display when in input passwords (Closes:
- #1006238)
-
----
- CPP/7zip/UI/Console/UserInputUtils.cpp | 33 ++++++++++++++++++++++++++++++++-
- CPP/Common/StdInStream.h | 1 +
- 2 files changed, 33 insertions(+), 1 deletion(-)
-
-diff --git a/CPP/7zip/UI/Console/UserInputUtils.cpp b/CPP/7zip/UI/Console/UserInputUtils.cpp
-index b3ca88e..6f60a78 100755
---- a/CPP/7zip/UI/Console/UserInputUtils.cpp
-+++ b/CPP/7zip/UI/Console/UserInputUtils.cpp
-@@ -56,9 +56,18 @@ NUserAnswerMode::EEnum ScanUserYesNoAllQuit(CStdOutStream *outStream)
- #ifdef _WIN32
- #ifndef UNDER_CE
- #define MY_DISABLE_ECHO
-+#define MY_DISABLE_ECHO_WIN32
- #endif
- #endif
-
-+#ifdef unix
-+#include <stdio.h>
-+#include <termios.h>
-+#include <unistd.h>
-+#define MY_DISABLE_ECHO
-+#define MY_DISABLE_ECHO_UNIX
-+#endif
-+
- static bool GetPassword(CStdOutStream *outStream, UString &psw)
- {
- if (outStream)
-@@ -71,7 +80,7 @@ static bool GetPassword(CStdOutStream *outStream, UString &psw)
- outStream->Flush();
- }
-
-- #ifdef MY_DISABLE_ECHO
-+ #ifdef MY_DISABLE_ECHO_WIN32
-
- HANDLE console = GetStdHandle(STD_INPUT_HANDLE);
- bool wasChanged = false;
-@@ -83,6 +92,28 @@ static bool GetPassword(CStdOutStream *outStream, UString &psw)
- if (wasChanged)
- SetConsoleMode(console, mode);
-
-+ #elif defined(MY_DISABLE_ECHO_UNIX)
-+
-+ int ifd = fileno(&(*g_StdIn));
-+ bool wasChanged = false;
-+ struct termios old_mode = {};
-+ struct termios new_mode = {};
-+
-+ if (tcgetattr(ifd, &old_mode) == 0) {
-+ new_mode = old_mode;
-+ new_mode.c_lflag &= ~ECHO;
-+
-+ tcsetattr(ifd, TCSAFLUSH, &new_mode);
-+
-+ wasChanged = true;
-+ }
-+
-+ bool res = g_StdIn.ScanUStringUntilNewLine(psw);
-+
-+ if (wasChanged) {
-+ tcsetattr(ifd, TCSAFLUSH, &old_mode);
-+ }
-+
- #else
-
- bool res = g_StdIn.ScanUStringUntilNewLine(psw);
-diff --git a/CPP/Common/StdInStream.h b/CPP/Common/StdInStream.h
-index 7f27e92..23c7bf8 100755
---- a/CPP/Common/StdInStream.h
-+++ b/CPP/Common/StdInStream.h
-@@ -23,6 +23,7 @@ public:
-
- ~CStdInStream() { Close(); }
-
-+ operator FILE *() { return _stream; }
- bool Open(LPCTSTR fileName) throw();
- bool Close() throw();
-
diff -Nru 7zip-22.01+dfsg/debian/patches/0007-Manually-de-reference-pointers.patch 7zip-25.01+dfsg/debian/patches/0007-Manually-de-reference-pointers.patch
--- 7zip-22.01+dfsg/debian/patches/0007-Manually-de-reference-pointers.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0007-Manually-de-reference-pointers.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,119 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Sun, 21 Aug 2022 16:50:54 +0900
-Subject: Manually de-reference pointers
-
-Implicit de-reference breaks link time optimization (LTO).
-
-Pointer type mismatch breaks LTO because it violates strict-aliasing rules.
-
-C/Aes.h:
- typedef void (MY_FAST_CALL *AES_CODE_FUNC)(UInt32 *ivAes, Byte *data, size_t numBlocks);
-C/AesOpt.c:
- void MY_FAST_CALL name(__m128i *p, __m128i *data, size_t numBlocks)
- void MY_FAST_CALL name(v128 *p, v128 *data, size_t numBlocks)
----
- C/AesOpt.c | 28 ++++++++++++++++++++++++++--
- 1 file changed, 26 insertions(+), 2 deletions(-)
-
-diff --git a/C/AesOpt.c b/C/AesOpt.c
-index 60058bc..1a81546 100755
---- a/C/AesOpt.c
-+++ b/C/AesOpt.c
-@@ -61,7 +61,7 @@
- #endif
-
- #define AES_FUNC_START(name) \
-- void MY_FAST_CALL name(__m128i *p, __m128i *data, size_t numBlocks)
-+ void MY_FAST_CALL name(UInt32 *d_p, Byte *d_data, size_t numBlocks)
-
- #define AES_FUNC_START2(name) \
- AES_FUNC_START (name); \
-@@ -77,6 +77,9 @@ AES_FUNC_START (name)
-
- AES_FUNC_START2 (AesCbc_Encode_HW)
- {
-+ __m128i *p = (__m128i *)(void *)d_p;
-+ __m128i *data = (__m128i *)(void *)d_data;
-+
- __m128i m = *p;
- const __m128i k0 = p[2];
- const __m128i k1 = p[3];
-@@ -218,6 +221,9 @@ AES_FUNC_START2 (AesCbc_Encode_HW)
-
- AES_FUNC_START2 (AesCbc_Decode_HW)
- {
-+ __m128i *p = (__m128i *)(void *)d_p;
-+ __m128i *data = (__m128i *)(void *)d_data;
-+
- __m128i iv = *p;
- const __m128i *wStart = p + *(const UInt32 *)(p + 1) * 2 + 2 - 1;
- const __m128i *dataEnd;
-@@ -271,6 +277,9 @@ AES_FUNC_START2 (AesCbc_Decode_HW)
-
- AES_FUNC_START2 (AesCtr_Code_HW)
- {
-+ __m128i *p = (__m128i *)(void *)d_p;
-+ __m128i *data = (__m128i *)(void *)d_data;
-+
- __m128i ctr = *p;
- UInt32 numRoundsMinus2 = *(const UInt32 *)(p + 1) * 2 - 1;
- const __m128i *dataEnd;
-@@ -344,6 +353,9 @@ AES_FUNC_START (name)
-
- VAES_FUNC_START2 (AesCbc_Decode_HW_256)
- {
-+ __m128i *p = (__m128i *)(void *)d_p;
-+ __m128i *data = (__m128i *)(void *)d_data;
-+
- __m128i iv = *p;
- const __m128i *dataEnd;
- UInt32 numRounds = *(const UInt32 *)(p + 1) * 2 + 1;
-@@ -415,6 +427,9 @@ AVX2: _mm256_add_epi64 : vpaddq ymm, ymm, ymm
-
- VAES_FUNC_START2 (AesCtr_Code_HW_256)
- {
-+ __m128i *p = (__m128i *)(void *)d_p;
-+ __m128i *data = (__m128i *)(void *)d_data;
-+
- __m128i ctr = *p;
- UInt32 numRounds = *(const UInt32 *)(p + 1) * 2 + 1;
- const __m128i *dataEnd;
-@@ -553,7 +568,7 @@ VAES_COMPAT_STUB (AesCtr_Code_HW)
- typedef uint8x16_t v128;
-
- #define AES_FUNC_START(name) \
-- void MY_FAST_CALL name(v128 *p, v128 *data, size_t numBlocks)
-+ void MY_FAST_CALL name(UInt32 *d_p, Byte *d_data, size_t numBlocks)
-
- #define AES_FUNC_START2(name) \
- AES_FUNC_START (name); \
-@@ -573,6 +588,9 @@ AES_FUNC_START (name)
-
- AES_FUNC_START2 (AesCbc_Encode_HW)
- {
-+ v128 *p = (v128 *)(void *)d_p;
-+ v128 *data = (v128 *)(void *)d_data;
-+
- v128 m = *p;
- const v128 k0 = p[2];
- const v128 k1 = p[3];
-@@ -674,6 +692,9 @@ AES_FUNC_START2 (AesCbc_Encode_HW)
-
- AES_FUNC_START2 (AesCbc_Decode_HW)
- {
-+ v128 *p = (v128 *)(void *)d_p;
-+ v128 *data = (v128 *)(void *)d_data;
-+
- v128 iv = *p;
- const v128 *wStart = p + ((size_t)*(const UInt32 *)(p + 1)) * 2;
- const v128 *dataEnd;
-@@ -726,6 +747,9 @@ AES_FUNC_START2 (AesCbc_Decode_HW)
-
- AES_FUNC_START2 (AesCtr_Code_HW)
- {
-+ v128 *p = (v128 *)(void *)d_p;
-+ v128 *data = (v128 *)(void *)d_data;
-+
- uint64x2_t ctr = vreinterpretq_u64_u8(*p);
- const v128 *wEnd = p + ((size_t)*(const UInt32 *)(p + 1)) * 2;
- const v128 *dataEnd;
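Review bot: This deletion drops the casts that the patch description says are needed because the `AES_CODE_FUNC` typedef and the `AES_FUNC_START` definitions disagree on pointer types, which it says breaks LTO; the 0008 context in this same debdiff still shows `FLAGS_FLTO = -flto` in 7zip_gcc.mak. Please state in the changelog that 25.01 no longer has the type mismatch (or that LTO is not enabled for this build), so the removal can be reviewed without the 6.4MB upstream diff.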
diff -Nru 7zip-22.01+dfsg/debian/patches/0008-Remove-unwanted-hack-for-object-files.patch 7zip-25.01+dfsg/debian/patches/0008-Remove-unwanted-hack-for-object-files.patch
--- 7zip-22.01+dfsg/debian/patches/0008-Remove-unwanted-hack-for-object-files.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0008-Remove-unwanted-hack-for-object-files.patch 2026-02-11 08:34:01.000000000 +0100
@@ -7,17 +7,17 @@
CPP/7zip/7zip_gcc.mak | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
-diff --git a/CPP/7zip/7zip_gcc.mak b/CPP/7zip/7zip_gcc.mak
-index 090e498..525c24e 100755
---- a/CPP/7zip/7zip_gcc.mak
-+++ b/CPP/7zip/7zip_gcc.mak
-@@ -25,8 +25,7 @@ endif
- CFLAGS_BASE_LIST = -c
+Index: 7zip/CPP/7zip/7zip_gcc.mak
+===================================================================
+--- 7zip.orig/CPP/7zip/7zip_gcc.mak
++++ 7zip/CPP/7zip/7zip_gcc.mak
+@@ -51,8 +51,7 @@ endif
+
# CFLAGS_BASE_LIST = -S
CFLAGS_BASE = -O2 $(CFLAGS_BASE_LIST) $(CFLAGS_WARN_WALL) $(CFLAGS_WARN) \
-- -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE \
+- $(CFLAGS_DEBUG) -D_REENTRANT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE \
- -fPIC
-+ -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-
- # -D_7ZIP_AFFINITY_DISABLE
++ $(CFLAGS_DEBUG) -D_REENTRANT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+ FLAGS_FLTO = -ffunction-sections
+ FLAGS_FLTO = -flto
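Review bot: with `-fPIC` still removed from `CFLAGS_BASE` in the refreshed hunk, position-independent code now depends entirely on the flags injected through 0001-Accept-Debian-build-flags.patch. Please confirm from the bookworm build log that the objects are still compiled with the expected hardening flags on the new `$(CFLAGS_DEBUG)` line. The refresh also switched the patch from `diff --git` to quilt `Index:` format. That is harmless, but it makes the debdiff noisier than the one-token change from `-DNDEBUG` to `$(CFLAGS_DEBUG)` warrants.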
diff -Nru 7zip-22.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch 7zip-25.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch
--- 7zip-22.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,146 +0,0 @@
-From: YOKOTA Hiroshi <[email protected]>
-Date: Wed, 2 Oct 2024 12:09:49 +0900
-Subject: Fix CVE-2023-52168 and CVE-2023-52169
-
-Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-52168
-Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-52169
-Forwarded: not-needed
-
-This patch was extracted from reporter's blog and
-upstream/23.01..upstream/24.05 diff.
-> https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
----
- CPP/7zip/Archive/NtfsHandler.cpp | 89 +++++++++++++++++++++++++---------------
- 1 file changed, 57 insertions(+), 32 deletions(-)
-
-diff --git a/CPP/7zip/Archive/NtfsHandler.cpp b/CPP/7zip/Archive/NtfsHandler.cpp
-index 0b9ee29..39a1299 100755
---- a/CPP/7zip/Archive/NtfsHandler.cpp
-+++ b/CPP/7zip/Archive/NtfsHandler.cpp
-@@ -71,6 +71,7 @@ struct CHeader
- {
- unsigned SectorSizeLog;
- unsigned ClusterSizeLog;
-+ unsigned MftRecordSizeLog;
- // Byte MediaType;
- UInt32 NumHiddenSectors;
- UInt64 NumSectors;
-@@ -156,14 +157,47 @@ bool CHeader::Parse(const Byte *p)
-
- NumClusters = NumSectors >> sectorsPerClusterLog;
-
-- G64(p + 0x30, MftCluster);
-+ G64(p + 0x30, MftCluster); // $MFT.
- // G64(p + 0x38, Mft2Cluster);
-- G64(p + 0x48, SerialNumber);
-- UInt32 numClustersInMftRec;
-- UInt32 numClustersInIndexBlock;
-- G32(p + 0x40, numClustersInMftRec); // -10 means 2 ^10 = 1024 bytes.
-- G32(p + 0x44, numClustersInIndexBlock);
-- return (numClustersInMftRec < 256 && numClustersInIndexBlock < 256);
-+ G64(p + 0x48, SerialNumber); // $MFTMirr
-+
-+ /*
-+ numClusters_per_MftRecord:
-+ numClusters_per_IndexBlock:
-+ only low byte from 4 bytes is used. Another 3 high bytes are zeros.
-+ If the number is positive (number < 0x80),
-+ then it represents the number of clusters.
-+ If the number is negative (number >= 0x80),
-+ then the size of the file record is 2 raised to the absolute value of this number.
-+ example: (0xF6 == -10) means 2^10 = 1024 bytes.
-+ */
-+ {
-+ UInt32 numClusters_per_MftRecord;
-+ G32(p + 0x40, numClusters_per_MftRecord);
-+ if (numClusters_per_MftRecord >= 0x100 || numClusters_per_MftRecord == 0)
-+ return false;
-+ if (numClusters_per_MftRecord < 0x80)
-+ {
-+ const int t = GetLog(numClusters_per_MftRecord);
-+ if (t < 0)
-+ return false;
-+ MftRecordSizeLog = (unsigned)t + ClusterSizeLog;
-+ }
-+ else
-+ MftRecordSizeLog = 0x100 - numClusters_per_MftRecord;
-+ // what exact MFT record sizes are possible and supported by Windows?
-+ // do we need to change this limit here?
-+ const unsigned k_MftRecordSizeLog_MAX = 12;
-+ if (MftRecordSizeLog > k_MftRecordSizeLog_MAX)
-+ return false;
-+ if (MftRecordSizeLog < SectorSizeLog)
-+ return false;
-+ }
-+ {
-+ UInt32 numClusters_per_IndexBlock;
-+ G32(p + 0x44, numClusters_per_IndexBlock);
-+ return (numClusters_per_IndexBlock < 0x100);
-+ }
- }
-
- struct CMftRef
-@@ -266,8 +300,8 @@ bool CFileNameAttr::Parse(const Byte *p, unsigned size)
- G32(p + 0x38, Attrib);
- // G16(p + 0x3C, PackedEaSize);
- NameType = p[0x41];
-- unsigned len = p[0x40];
-- if (0x42 + len > size)
-+ const unsigned len = p[0x40];
-+ if (0x42 + len * 2 > size)
- return false;
- if (len != 0)
- GetString(p + 0x42, len, Name);
-@@ -1730,26 +1764,22 @@ HRESULT CDatabase::Open()
-
- SeekToCluster(Header.MftCluster);
-
-- CMftRec mftRec;
-- UInt32 numSectorsInRec;
--
-+ // we use ByteBuf for records reading.
-+ // so the size of ByteBuf must be >= mftRecordSize
-+ const size_t recSize = (size_t)1 << Header.MftRecordSizeLog;
-+ const size_t kBufSize = MyMax((size_t)(1 << 15), recSize);
-+ ByteBuf.Alloc(kBufSize);
-+ RINOK(ReadStream_FALSE(InStream, ByteBuf, recSize))
-+ {
-+ const UInt32 allocSize = Get32(ByteBuf + 0x1C);
-+ if (allocSize != recSize)
-+ return S_FALSE;
-+ }
-+ // MftRecordSizeLog >= SectorSizeLog
-+ const UInt32 numSectorsInRec = 1u << (Header.MftRecordSizeLog - Header.SectorSizeLog);
- CMyComPtr<IInStream> mftStream;
-+ CMftRec mftRec;
- {
-- UInt32 blockSize = 1 << 12;
-- ByteBuf.Alloc(blockSize);
-- RINOK(ReadStream_FALSE(InStream, ByteBuf, blockSize));
--
-- {
-- UInt32 allocSize = Get32(ByteBuf + 0x1C);
-- int t = GetLog(allocSize);
-- if (t < (int)Header.SectorSizeLog)
-- return S_FALSE;
-- RecSizeLog = t;
-- if (RecSizeLog > 15)
-- return S_FALSE;
-- }
--
-- numSectorsInRec = 1 << (RecSizeLog - Header.SectorSizeLog);
- if (!mftRec.Parse(ByteBuf, Header.SectorSizeLog, numSectorsInRec, 0, NULL))
- return S_FALSE;
- if (!mftRec.IsFILE())
-@@ -1768,11 +1798,6 @@ HRESULT CDatabase::Open()
- if ((mftSize >> 4) > Header.GetPhySize_Clusters())
- return S_FALSE;
-
-- const size_t kBufSize = (1 << 15);
-- const size_t recSize = ((size_t)1 << RecSizeLog);
-- if (kBufSize < recSize)
-- return S_FALSE;
--
- {
- const UInt64 numFiles = mftSize >> RecSizeLog;
- if (numFiles > (1 << 30))
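Review bot: deleting the CVE-2023-52168/CVE-2023-52169 backport is only safe if 25.01 carries the same checks, and the debdiff does not say so. The patch header states it was taken from the upstream/23.01..upstream/24.05 diff, so please verify that `NtfsHandler.cpp` in 25.01 contains the `0x42 + len * 2 > size` test in `CFileNameAttr::Parse`, the `MftRecordSizeLog` bounds in `CHeader::Parse`, and the `allocSize != recSize` check in `CDatabase::Open`. Then list both CVEs as fixed upstream in debian/changelog so the security tracker keeps them closed for this version. Adding an NTFS image to the manual test set would cover this handler.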
diff -Nru 7zip-22.01+dfsg/debian/patches/series 7zip-25.01+dfsg/debian/patches/series
--- 7zip-22.01+dfsg/debian/patches/series 2024-10-17 18:28:14.000000000 +0200
+++ 7zip-25.01+dfsg/debian/patches/series 2026-02-11 08:34:56.000000000 +0100
@@ -1,9 +1,5 @@
0001-Accept-Debian-build-flags.patch
-0002-Use-GCC-10-warning-options.patch
-0003-Disable-hardware-acceleration-support-on-armel.patch
-0004-Guard-ARM-v8-feature-from-old-architecture.patch
-0005-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch
-0006-Disable-local-echo-display-when-in-input-passwords-C.patch
-0007-Manually-de-reference-pointers.patch
+0002-Use-getcwd-3-POSIX-extension-to-avoid-PATH_MAX-macro.patch
+0003-Disable-local-echo-display-when-in-input-passwords-C.patch
+0005-Add-note-for-unexpected-recursive-operations-behavio.patch
0008-Remove-unwanted-hack-for-object-files.patch
-0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch
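Review bot: 0003-Disable-hardware-acceleration-support-on-armel.patch and 0004-Guard-ARM-v8-feature-from-old-architecture.patch are dropped from the series with no replacement, and bookworm still builds for older ARM targets. Please confirm that 25.01 builds and passes its benchmark on armel and armhf without them, or state in the changelog where upstream handles this. Minor: the remaining numbering (0001, 0002, 0003, 0005, 0008) reuses 0002 and 0003 for different patches than in 22.01, which makes it easy to misread this hunk as keeping the old 0002/0003.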
diff -Nru 7zip-22.01+dfsg/debian/salsa-ci.yml 7zip-25.01+dfsg/debian/salsa-ci.yml
--- 7zip-22.01+dfsg/debian/salsa-ci.yml 1970-01-01 01:00:00.000000000 +0100
+++ 7zip-25.01+dfsg/debian/salsa-ci.yml 2026-02-11 07:26:32.000000000 +0100
@@ -0,0 +1,3 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
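Review bot: this file contains only the `include:` of the `master` recipe and sets no `RELEASE` variable, so the pipeline builds and tests against its default suite rather than against bookworm. For a stable update, add a `variables:` block with `RELEASE: 'bookworm'` so that the CI result reflects the toolchain and dependencies the upload will actually be built with.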
--- End Message ---